9. MySpace
Date: 2013Impact: 360 million individual profile
Though it have very long stopped becoming the powerhouse which once was, social media marketing site MySpace strike the statements in 2016 after 360 million consumer profile comprise released onto both LeakedSource and set on the market on dark colored online markets The Real Deal with a price tag of 6 bitcoin (around $3,000 during the time).
According to research by the organization, forgotten facts incorporated email addresses, passwords and usernames for aˆ?a percentage of account which were developed in advance of June 11, 2013, in the older Myspace platform. Being protect all of our users, we’ve got invalidated all individual passwords when it comes down to affected profile developed just before June 11, 2013, about old Myspace platform. These users time for Myspace might be encouraged to authenticate her membership and to reset her code following guidelines.aˆ?
Itaˆ™s believed that the passwords happened to be saved as SHA-1 hashes in the earliest 10 figures of this code changed into lowercase.
10. NetEase
Time: October 2015Impact: 235 million user records
NetEase, a carrier of mailbox treatments through the loves of 163 and 126, reportedly endured a violation in Oct 2015 whenever emails and plaintext passwords concerning 235 million accounts happened to be for sale by dark colored web industry merchant DoubleFlag. NetEase possess preserved that no data violation occurred also to this day HIBP states: aˆ?Whilst there can be evidence the information is genuine (numerous HIBP subscribers affirmed a password they normally use is in the facts), as a result of difficulty of emphatically validating the Chinese breach it was flagged as aˆ?unverified.aˆ?
11. Courtroom Projects (Experian)
Big date: Oct 2013Impact: 200 million individual data
Experian subsidiary legal Ventures decrease target in 2013 when a Vietnamese man tricked they into offering him access to a database that contain 200 million individual documents by posing as a private investigator from Singapore. The details of Hieu Minh Ngoaˆ™s exploits best stumbled on light following their arrest for selling information that is personal people customers (like credit card figures and personal Security rates) to cybercriminals around the globe, one thing he had become performing since 2007. In March 2014, he pleaded responsible to numerous costs including identification fraudulence in america section legal when it comes to region of New Hampshire. The DoJ reported during the time that Ngo have generated a maximum of $2 million from promoting private data.
12. LinkedIn
Big date: Summer 2012Impact: 165 million consumers
With its second appearance on this number is relatedIn, this time in regard to a violation they suffered in 2012 whenever it established that 6.5 million unassociated passwords (unsalted SHA-1 hashes) had been taken by assailants and published onto a Russian hacker community forum. But isnaˆ™t until 2016 your complete degree associated with the event had been unveiled. The same hacker attempting to sell MySpaceaˆ™s facts was found to be providing the emails and passwords of around 165 million LinkedIn users just for 5 bitcoins (around $2,000 at the time). LinkedIn recognized that it was basically produced familiar with the breach, and stated they have reset the passwords of afflicted reports.
13. Dubsmash
Time: December 2018Impact: 162 million individual account
In December 2018, New York-based videos messaging provider Dubsmash got 162 million emails, usernames, PBKDF2 code hashes, also personal data like schedules of delivery taken, that was then set up obtainable on the fancy industry dark colored internet marketplace listed here December. The information had been offered within a collected dump in addition like the likes of MyFitnessPal (regarding that below), MyHeritage (92 million), ShareThis, Armor video games, and dating app CoffeeMeetsBagel.
Dubsmash recognized the violation and deal of data have taken place and supplied advice around code switching. But failed to say how the attackers have in or confirm how many consumers had been influenced.
14. Adobe
Big date: October 2013Impact: 153 million individual data
In early October 2013, Adobe reported that hackers had stolen about three million encoded buyer mastercard reports and login information for an undetermined amount of user account. Period after, Adobe enhanced that quote to incorporate IDs and encrypted passwords for 38 million aˆ?active consumers.aˆ? Security writer Brian Krebs then stated that a file submitted just times earlier aˆ?appears to incorporate more than 150 million username and hashed code sets extracted from Adobe.aˆ? Months of research revealed that the tool got in addition uncovered buyer brands, password, and debit and credit card info. A contract in August 2015 required Adobe to pay $1.1 million in appropriate fees and an undisclosed total customers to settle claims of breaking the Customer reports operate and unjust company tactics. In November 2016, the quantity settled to clients had been reported becoming $one million.
15. My Exercise Friend
Big date: March 2018Impact: 150 million user profile
In February 2018, diet and exercise app MyFitnessPal (owned by Under Armour) revealed around 150 million special emails, internet protocol address address contact information and login credentials eg usernames and passwords retained as SHA-1 and bcrypt hashes. A year later, the information showed up for sale in the dark colored internet and broadly. The firm recognized the violation and said they took activity to tell users of the event. aˆ?Once we became conscious, we easily took tips to discover the nature and range in the concern. Our company is working with trusted information safety agencies to assist in all of our study. We’ve got in addition notified and so are matching with police force regulators,aˆ? it mentioned.